Description

This invention relates to improvements in the security of data communication systems. The invention finds particular application in electronic funds transfer networks such as those dedicated to home banking, and the preferred embodiment to be described is in such an application, although, as will become apparent, the invention is not limited to the home banking application and may find use in other data communication systems which require a similar approach to message authentication and authorisation of transactions.

The use of data communication networks to carry messages relating to financial transactions is becoming more common. Cash issuing terminals operated by a bank's customer using a magnetic stripe card and having a secret number (PIN) and connected on-line to a remote data processing machine are now commonplace. Automatic teller machines (ATM) which can perform more functions than just issue cash are now appearing in banks, and there is an economic pressure to reduce the amount of paper work (cheque processing, etc.) related to financial transactions.

Point of sale/electronic funds transfer (POS/EFT) is another development in which retailers have terminals connected to a packet switched network and customers have their accounts debited on-line from the retailer's terminal whenever a purchase is made.

A description of a POS/EFT system is found in United Kingdom Patent Application No. 8324916 which also describes a system for user and message authentication checking. In these systems an electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.

A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN and partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid.

The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

Other publications describing the prior art in EFT systems are as follows:

European Patent Publication 321 9? (IBM Corporation) describes a system in which each user and retailer has a cryptographic key number, retailer's key Kr and user's key Kp, which is stored together with the user's account number and retailer's business number in a data store at the host central processing unit (cpu). The retailer's key and the user key are used in the encryption of data sent between the retailer's transaction terminal and the host cpu. Obviously only users or customers with their identity numbers and encryption keys stored at the host cpu can make use of the system. As the number of users expands there is an optimum number beyond which the time taken to look up corresponding keys and identity numbers is unacceptable for on-line transaction processing.

The system described is only a single domain and does not involve using a personal identification number (PIN). Verification of the user's identity is at the host, and without a PIN there is no bar to users using stolen cards for transactions.

European Patent Publication 18129 (Motorola Inc.) describes a method of providing security of data on a communication path. Privacy and security of a dial-up data communications network are provided by means of either a user or terminal identification code together with a primary cipher key. A list of valid identification codes and primary cipher key pairs is maintained at the central processing unit. Identification code and cipher key pairs sent to the cpu are compared with the stored code pairs. A correct comparison is required before the cpu will accept encoded data sent from the terminal. All data sent over the network is ciphered using the relevant user or terminal key to prevent unauthorised access.

The system described is a single domain in which all terminal keys (or user keys) must be known at a central host location. Hence, the ideas described in the patent do not address a multi-host environment and thus do not address the interchange problem either.

UK Patent Application 2,020,513A (Atalla Technovations) describes a method and apparatus which avoids the need for transmitting user-identification information such as a personal identification number (PIN) in the clear from station to station in a network such as described in the two European Patent Publications mentioned above. The PIN is encoded using a randomly generated number at a user station, and the encoded PIN and the random number are sent to the processing station. At the processing station a second PIN having generic application is encoded using the received random number, and the received encoded PIN and the generic encoded PIN are compared to determine whether the received PIN is valid.

This system does not use a personal key and as a consequence, for a sufficiently cryptographically secure system, it is necessary to have a PIN with at least fourteen random characters (four bits each). This is a disadvantage from the human factors point of view, as users will have difficulty remembering such a long string of characters and the chances of unintentionally inputting an incorrect string are very large. If a phrase which a user can easily remember is employed for a PIN, about 28 characters are required. Although remembering the information is not a problem, inputting such a long string of data still presents a human factors problem.

The EFT system made possible by the systems described in the above patent applications is limited to a single host cpu holding the accounts of all users, both retailers and customers.

An EFT system in which many card issuing organisations (banks, credit card companies, etc.) are connected, and many hundreds of retail organisations are connected through switching nodes such as telephone exchanges, brings many more security problems.

PCT publication WO 81/02655 (Marvin Sendrow) describes a multi-host multi-user system in which the PIN is ciphered more than once at the entry terminal. The data required to validate and authorise the transactions is transmitted to a host computer which accesses from its stored data base the data that is required to decipher and validate the transaction, including the ciphered PIN. A secret terminal master key must be maintained at each terminal. A list of these master keys is also maintained at the host computer.

The maintaining of lists of terminal master keys at each of the card issuing organisations' host computers is obviously a difficult task in a complex system where the terminal keys are not controlled and, therefore, not known by the card issuing host.

European Patent Publication 55580 (Honeywell Information Systems) seeks to avoid the necessity of transmitting PIN information in the network by performing PIN verification at the entry point terminal. This is achieved by issuing each user with a card that has encoded in the magnetic stripe the bank identification (BIN), the user's account number (ACCN) and a PIN offset number. The PIN offset is calculated from the PIN, BIN and ACCN. The user enters the PIN at a keyboard attached to the terminal, which also reads the PIN offset, BIN and ACCN from the card. The terminal then re-calculates a PIN offset from the user's entered PIN, the BIN and ACCN. If the re-calculated PIN offset is the same as the PIN offset read from the card then verification of the PIN is assumed. This approach has the disadvantage that the system is not involved in the validation and that, knowing that the PIN offset is calculated from the PIN, the BIN and ACCN, anyone having knowledge of the process can manufacture fraudulent cards with valid PINs.



Advances in microcircuit chip technology have now led to the possibility that user cards, instead of having user data stored on a magnetic stripe, can contain a microprocessor with a read only store (ROS). The microprocessor is activated when the card is placed in an EFT terminal and the appropriate power and data transmission interface connections are made. The microprocessor on the card is controlled by control programs stored in the ROS. The user's and issuer's identification can also be stored in the ROS together with other information.

Examples of such cards including a microprocessor are shown in United Kingdom Patent Applications 2,081,644A and 2,095,175A.

European Patent Application No. 82306989.3 (IBM), which is considered as comprised in the state of the art according to Article 54 (3) and (4) EPC, describes a method and apparatus for testing the validity of personal identification numbers (PIN) entered at a transaction terminal of an electronic funds transfer network in which the PIN is not directly transmitted through the network. The PIN and the personal account number (PAN) are used to derive an authorisation parameter (DAP). A unique message is sent with the PAN to the host processor where the PAN is used to identify a valid authorisation parameter (VAP). The VAP is used to encode the message and the result (a message authentication code MAC) transmitted back to the transaction terminal. The terminal generates a parallel derived message authentication code (DMAC) by using the DAP to encode the message. The DMAC and MAC are compared and the result of the comparison used to determine the validity of the PIN.

In such a system the generation of DAP as well as VAP is based on a short PIN only and is therefore cryptographically weak. Furthermore, the EFT transaction terminal has access to all the information carried on the identity card, which may be regarded as a security weakness in the system. The present invention seeks to overcome such deficiencies by storing personal key data in a portable personal processor carried on a card and only processing the key data on the card.

In any multi-domain communication network where each domain includes a data processor and in which cryptographically secure transmission takes place it is necessary to establish cross domain keys. A communication security system in which cross domain keys are generated and used is described in United States Patent No. 4,227,253 (IBM). The patent describes a communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key at the sending host system and under a different key encrypting key at the receiving host system. The sending host system creates an enciphered session key and, together with the sending cross-domain key, performs a transformation function to re-encipher the session key under the cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system, using the cross-domain key and the received session key, performs a transformation function to re-encipher the received session key from encipherment under the cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems.
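The sending-side and receiving-side transformations just described, as an added example in Python that is not code from the patent or from US 4,227,253: two hosts with different master keys, one agreed cross-domain key, and a session key that crosses the domain boundary only enciphered under that cross-domain key. The cipher is a stand-in (XOR against an HMAC-SHA256 keystream, an assumption made so the example runs on the standard library alone); the key labels KMH, KN and KS, the class and method names, and all key values are this example's own constructions.

```python
import hashlib
import hmac
import os

# Added example, not code from the patent or from US 4,227,253. The cipher
# below is a stand-in (assumption): XOR with an HMAC-SHA256 keystream, so
# enciphering and deciphering are the same operation.
def xor_stream(key: bytes, data: bytes) -> bytes:
    stream = hmac.new(key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class DataSecurityDevice:
    """A host's data security device: the master key KMH never leaves it,
    and every other key is handed out only enciphered under KMH."""

    def __init__(self, master_key: bytes):
        self.__kmh = master_key

    def store_cross_domain_key(self, kn: bytes) -> bytes:
        # The cross-domain key KN is agreed by both hosts; each keeps it
        # enciphered under its own (different) key-encrypting master key.
        return xor_stream(self.__kmh, kn)

    def new_session_key(self) -> bytes:
        return xor_stream(self.__kmh, os.urandom(8))        # E_KMH(KS)

    def to_cross_domain(self, e_kn: bytes, e_ks: bytes) -> bytes:
        # Sending-side transformation E_KMH(KS) -> E_KN(KS), performed inside
        # the device so neither KMH nor the clear KS reaches the host program.
        kn = xor_stream(self.__kmh, e_kn)
        ks = xor_stream(self.__kmh, e_ks)
        return xor_stream(kn, ks)

    def from_cross_domain(self, e_kn: bytes, ks_under_kn: bytes) -> bytes:
        # Receiving-side transformation E_KN(KS) -> E_KMH'(KS).
        kn = xor_stream(self.__kmh, e_kn)
        ks = xor_stream(kn, ks_under_kn)
        return xor_stream(self.__kmh, ks)

    def mac(self, e_ks: bytes, msg: bytes) -> bytes:
        # Use the session key (handed in enciphered under KMH) for a MAC.
        ks = xor_stream(self.__kmh, e_ks)
        return hmac.new(ks, msg, hashlib.sha256).digest()[:8]

def demo() -> dict:
    # Constructed keys: two hosts with different master keys, one shared KN.
    host_a = DataSecurityDevice(bytes.fromhex("1111111111111111"))
    host_b = DataSecurityDevice(bytes.fromhex("2222222222222222"))
    kn = bytes.fromhex("abcdefabcdefabcd")
    e_kn_a = host_a.store_cross_domain_key(kn)
    e_kn_b = host_b.store_cross_domain_key(kn)

    e_ks_a = host_a.new_session_key()                        # E_KMHa(KS) at the sender
    on_the_wire = host_a.to_cross_domain(e_kn_a, e_ks_a)     # E_KN(KS) sent to host B
    e_ks_b = host_b.from_cross_domain(e_kn_b, on_the_wire)   # E_KMHb(KS) at the receiver

    msg = b"constructed transfer request"
    tag = host_a.mac(e_ks_a, msg)
    return {
        "session_established": hmac.compare_digest(tag, host_b.mac(e_ks_b, msg)),
        "wire_form_differs": on_the_wire not in (e_ks_a, e_ks_b),
        "stored_forms_differ": e_kn_a != e_kn_b,
    }
```

The point the example makes concrete is that the only value on the wire is E_KN(KS): it is useful to a receiver that holds KN, but it is not the form either host stores, and neither master key is ever presented to the other domain.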

UK Patent Application 2,050,021 provides a method and means for establishing an encrypting key which need not be known even to authorised individuals once it is properly established. The key is established using data which must be on file about a terminal and helps to exclude the attachment of unauthorised terminals to the system.

Reference to the following publications is included as giving general background information in encryption techniques and terminology:

1. IBM Technical Disclosure Bulletin, Vol. 19, No. 11, April 1977, p. 4241, "Terminal Master Key Security" by S. M. Matyas and C. H. Meyer.

2. IBM Technical Disclosure Bulletin, Vol. 24, No. 1B, June 1981, pp. 561-565, "Application for Personal Key Crypto with Insecure Terminals" by R. E. Lennon, S. M. Matyas, C. H. Meyer and R. E. Shuck;

3. IBM Technical Disclosure Bulletin, Vol. 24, No. 7B, December 1981, pp. 3906-3909, "PIN Protection/Verification for Electronic Funds Transfer" by R. E. Lennon, S. M. Matyas and C. H. Meyer;

4. IBM Technical Disclosure Bulletin, Vol. 24, No. 12, May 1982, pp. 6504-6509, "Personal Verification and Message Authentication Using Personal Keys" by R. E. Lennon, S. M. Matyas and C. H. Meyer;

5. IBM Technical Disclosure Bulletin, Vol. 25, No. 5, October 1982, pp. 2358-2360, "Authentication with Stored KP and Dynamic PAC" by R. E. Lennon, S. M. Matyas and C. H. Meyer.

GB 2050021 discloses a transaction initialization process for establishing an encryption key for a transaction between a central processor and a terminal having a non-secret ID and an authorised user owning a secret verification PIN which becomes, in effect, the PIN of the terminal. To establish a transaction, the sequence number SEQ NO and the terminal ID are sent to the central processor, which already stores the established PIN and thus, after retrieval and possible decoding, can see SEQ NO, ID and PIN, the authorised user entering the PIN into the terminal. At both CPU and terminal the same encryption operation takes place using all three "inputs", and the high order bits TRAC only of the result are transmitted from terminal to CPU for comparison to establish authority, after which an encrypted session key is sent from the CPU to the terminal.

This arrangement implies long operands, authorised users specific to terminals, terminals specific to a host and long term session keys, their validity for all transactions in a session or a day being mentioned. The arrangement of itself cannot distinguish between users of a terminal, nor is it intended to, as it sets out to establish the terminal/processor connection validity under the control of an authorised user for subsequent use by others.

The present invention seeks to permit a distinction to be made between different users of any particular terminal and to provide for session keys particular to the material part of each transaction, though it does borrow the session key of the previous transaction to establish initial terminal/processor communication.

A home banking system may be characterised as a system which has a small number of a bank's valued customers as users. Users of the system provide their own terminal equipment, for example a personal computer or a television set with a keyboard etc. A set of equipment may well be shared by many users of equipment (home and office). The system will have security requirements that cover the control of access to private information, authentication of a series of transactions and authorisation to perform that series of transactions.

EP 0148 960 B1

According to the present invention there is provided a data communication system including a host data processor connected through a communication network to a plurality of message source units, each unit including a validity module, and in which the host data processor for each validity module issues and stores an initial current transaction session key (VM key n), and for each user of the system issues and stores an authentication parameter (UAP), derived from a first part or identity number (UID), which is stored on a user's input device, and a second part or secret number (UPW), which is stored or remembered separately by the user;

and when a transaction is initiated at a message source unit by a user the validity module includes means to construct and transmit to the host data processor a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based upon the current transaction session key (VM key n);

the host data processor includes first means to regenerate a message authentication code (MAC 1) when a first message (MSG 1) is received, and to compare the regenerated message authentication code with the received message authentication code;

second means to generate a random or pseudo random key (RN key);

third means to generate a new transaction session key (VM Key n + 1) based upon the random key, (MAC 1) the user's authentication parameter (UAP) and the current session key (VM key);

fourth means to construct and transmit to the validity module a second message (MSG 2) including the user authentication parameter (UAP) enciphered using the current transaction key (VM key n), and the random key enciphered using the user authentication parameter;

whereby the validity module includes means operable upon receipt of the user's second parameter (secret number) (UPW) to regenerate the user's authentication parameter (UAP) and

means which upon receipt of the second message (MSG 2) can compare the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for validity of the user's input and, using the validated authentication parameter, can decipher the random key and regenerate and store the new transaction session key for use with the next messages transmitted to the host data processor.

According to a second aspect of the invention there is provided a method of updating session encipher keys in a data communication system in which a host data processor is connected through a communication network to a plurality of message source units, each unit including a validity module, and in which the host data processor for each validity module issues and stores an initial current transaction session key (VM key n) and for each user of the system issues and stores an authentication parameter (UAP), derived from a first part or identity number (UID), which is stored on a user's input device, and a second part or secret number (UPW), which is stored or remembered separately by the user;

a) including the steps of, when a transaction is initiated at a message source unit by a user, the validity module constructing and transmitting to the host data processor a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based upon the current transaction session key (VM key);

b) at the host data processor regenerating a message authentication code (MAC 1) when a first message is received, and comparing the regenerated message authentication code (MAC 1) with the received message authentication code (MAC 1);

c) generating a random or pseudo random key (RN key);

d) generating a new transaction session key (VM Key n + 1) based upon the random key, the user's authentication parameter (UAP) and the current session key (VM key);

e) constructing and transmitting to the validity module a second message (MSG 2) including the user authentication parameter (UAP) enciphered using the current transaction key (VM key) and the random key enciphered using the user authentication parameter;

f) at the validity module regenerating, upon receipt of the user's second parameter, the user's authentication parameter (UAP); and

g) upon receipt of the second message (MSG 2) comparing the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for validity of the user's input and using the validated authentication parameter to decipher the random key and regenerate and store the new transaction session key (VM Key n + 1) for use with the next messages transmitted to the host data processor.

In order that the invention may be fully understood a preferred embodiment thereof will now be described with reference to the accompanying drawings in which:

Fig. 1 is a schematic showing the major components of a home banking data communication system.

Fig. 2 shows in diagrammatic form the component parts of a host bank's central processor.

Fig. 3 shows in diagrammatic form the component parts of a validity module.
The particular embodiment of the invention relates to security techniques to be employed in a 'home banking' system. A bank's data processing centre connected to customers through a public switch system (PSS) needs to know that messages received from a terminal originate from a valid device, i.e. one that the bank has authorised, and that the user is a valid user.

In the preferred embodiment for each terminal message source unit there is a validity module, which may be portable between terminals. Each validity module is issued with an identity (VMID), a seed number (VMSeed n), an initial transaction key (VMKEY n), the bank identity address (HIID) and an index number (VMNDX). The bank stores all these indexed by VMID. When a user initiates a transaction the terminal constructs a first message including VMID and the user's identity UID with a message authentication code (MAC1) generated using VM KEY n.
The bank has for each user a user identity (UID) and a user secret number (UPW) (equivalent to PAN and PIN in other applications). When a first message is received the bank data processing centre uses VMID to obtain its own version of VM KEY n and then regenerates MAC1 and compares the received MAC1 with the regenerated MAC1. If this operation is successful then a random key (RNKEY) is generated, and using the RNKEY and the seed VMSeed n with VMID a new transaction session key (VM KEY n + 1) is generated. A new seed (VM Seed n + 1) is also generated using the RNKEY and the old seed.

A second message (MSG2) is created including an authorisation parameter (UVP) based upon UID and UPW, enciphered using VMSeed n and VMKEY n; this term is called UAP (user authentication parameter). The message also includes the RNKEY enciphered using UVP, VMSeed n and VMID.

When the terminal receives MSG2 and the user inputs UPW (PIN) it can recreate UVP, and compare the recreated UVP with the received deciphered UVP. The terminal can then decipher RNKEY and recreate its own versions of VMKEY n + 1 and VM Seed n + 1. The new transaction session key and seed are used for the authentication of the next message sent from the terminal.

Using this system an outsider cannot emulate a 
validity module or pretend to be a bank as the 
critical parameters are changed with each usage 
of the module, thus providing a highly secure 
system. 

Features of the invention include the secure updating of session keys, the confirmation of validity of each validity module and the confirmation of the host validity, by using the authorisation parameter (UVP) itself enciphered under a key which is only used for one message transfer.

Referring now more particularly to Fig. 1, there is shown in schematic form the major components of a home banking system.

The host data processing centres 10 of banks and similar financial institutions are connected through suitable interfaces to a communications medium such as a public packet switched network (PSS) 12. Customers or users of the system interact with it through terminal devices 14 which are connected to the communications medium.

The terminal 14 may be a personal computer, a television set with a keyboard such as is used for a videotex system, or any other suitable input/output display device. The terminals may be directly connected to the PSS 12 through modems or be connected through a local node such as shown at 16. Each terminal for the home banking system embodying the present invention must be capable of interconnecting with a validation module (VALMOD).

A validation module is one of a variety of physical devices including an intelligent secure card, a portable PIN pad, a complete terminal or a logic module installed in a terminal.

Fig. 2 shows in diagrammatic form the component parts of a host bank's central processor used in the preferred embodiment. The processor 10 has a control unit 20 which contains the microcode for controlling the operations. A store 21, which may be an external disc store or any similar device, is connected to a transmit-receive module 22. The Tx/Rx module 22 may itself include a modem which is connected to the communication medium (PSS 12, Fig. 1). A message authentication generator 23, a random number generator 24, a transaction key generator 25, a message construction register 26 and an encipher/decipher unit are connected on a common bus to the store 21 and control unit 20. Incoming messages may be routed directly to the store 21, and outgoing messages are either transmitted directly from the message construction register 26 or via the store 21.

Of course in a multi-processor the units of Fig. 2 may not be separately identifiable, as the control program will allocate tasks to registers and processing units according to the priorities of the operating system.

Fig. 3 shows in diagrammatic form the component parts of a validity module 14. These include a microprocessor 30, a random access store 31, a read only store 32 which contains the microcode control for the module and an encipher-decipher unit 33. A common bus connects the units to a transmit-receive unit 34. Messages are initially generated and stored in the random access store 31 before transmission to the Tx/Rx unit 34. Received messages are stored before the unit operates on them.

A validity module itself may not include all the component parts of Fig. 3. For example the Tx/Rx unit 34 and the microprocessor 30 may be units of a terminal to which the validity module is connected for the transaction to take place.

The system operates in the following manner. The financial institution or bank issues validation modules (VALMODs) to its patrons or to locations from which patrons may wish to interact with that particular issuer's system (e.g. bank branches). The VALMODs may therefore be shared among many patrons or moved between locations, and the patrons may use any module issued by the financial institution. Patrons requiring access to data at the host system of the institution are issued with a user identity number (UID) and a user password (UPW) and must use a validation module also issued by that institution. In a banking context the UID is equivalent to a personal account number (PAN) and the password is equivalent to a personal identity number (PIN).


Issuing a Validation Module

The VALMOD is supplied with the following information stored within it:

(a) VALMOD identity (VMID)

(b) A secret hexadecimal data value (VM Seed n)

(c) A secret encipherment key value (VM Key n)

(d) An index number set to zero (VMNDX = n)

(e) The identity of the user host (HIID); this could be a PSS network user address, for example.

This information is also stored at the host site indexed by VMID. The secret data would normally be protected at the host by encipherment under a data enciphering key DKey in the form E_DKey(VM Seed n). The secret key will be stored enciphered under the host master key at the host site in the form E_HMK0(VM Key n).

UID is determined by the organisation and acts as an index into its user data bank. UPW is a random number generated by the organisation for use with that specific UID. The UID and UPW are provided to the user under separate cover. The two values are combined to form a user authorisation parameter of 8 hexadecimal bytes (UVP). The form of combination is not important so long as information is not lost and the function is reproducible on demand. UVP is stored at the host site as an encipherment key in the form E_HMK0(UVP), and is indexed by the UID.

Using the System 5 

1. A user approaches the VALMOD and provides his UID (e.g. via a magnetic stripe card or a keyboard); the VALMOD stores this UID.

2. The VALMOD compiles a message including MSG1 containing HID, VMID, VMPAR (0 or 1 depending upon the parity of VMNDX) and UID.

3. The VALMOD generates a message authentication code MAC1 for MSG1 using VM Key n.

4. MSG1, MAC1 is then sent to the issuer.

5. If the parity of VMNDX is correct the issuer generates MAC1 of reference using the received MSG1 and the stored VM Key n (otherwise the issuer uses the old values VM Key n - 1 and VM Seed n - 1). If the reference is not the same as the received MAC1 the transaction is aborted.

6. If MAC1 is valid then the issuer checks the UID; if this is valid then the issuer randomly generates an encryption key RNKey.

a) VM Seed n + 1 = E_RNKey(VM Seed n)

b) VM Key n + 1 = E_RNKey(VM Seed n ⊕ VMID)

c) UAP = E_VMKeyn(E_UVP(VM Seed n))

d) UAKEY = E_VMKeyn(E_UVP(VM Seed n ⊕ VMID))

e) NEWKEY = E_UAKEY(RNKey)

The issuer stores items a and b and discards item d.

7. The issuer compiles a message MSG2 including UAP and NEWKEY and appends a message authentication code MAC2 for MSG2 using VM Key n.

8. The issuer sends MSG2, MAC2 to the VALMOD, which validates MAC2 using the stored VM Key n. If the validation fails the transaction is aborted.

9. The VALMOD requests the UPW of the user and combines this with the stored UID to create a UVP to be validated.

10. The VALMOD generates UAP of reference using its UVP and stored VM Key n as in step 6c. If this is not the same as the received UAP then the transaction is aborted.

11. The VALMOD generates UAKEY as in step 6d using the validated UVP and stored VM Seed n. It uses UAKEY to decipher the received NEWKEY to obtain RNKey.

12. The VALMOD uses the stored VM Seed n and the received RNKey to generate VM Seed n + 1 and VM Key n + 1 as in steps 6a and 6b. These replace VM Seed n and VM Key n in the VALMOD, and VMNDX is incremented by one.

13. The VALMOD generates a confirmation message MSG3 including the contents of MSG1 but with an authentication code MAC3 for MSG3 generated using VM Key n + 1. This is sent to the issuer.

14. Upon receipt of this the issuer validates MAC3 using the stored VM Key n + 1; if this fails the transaction is aborted and the VALMOD is declared out of synchronisation (it cannot be used again until reissued).

15. The issuer now replaces VM Seed n with VM Seed n + 1 and VM Key n with VM Key n + 1, each enciphered under the appropriate keys.

The outcome of the operation is that the VALMOD has performed a synchronised change of its secret data with the issuer only on the following conditions:

a) the VALMOD is valid and already synchronised;

b) the user is valid and authentic.

Proof of these conditions being met is provided in MAC3.
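The fifteen steps above run end to end, added here as an illustrative model and not the patent's own code. The patent does not name its block cipher, so E_K(X) is modelled as X XOR HMAC-SHA256(K, "enc"), which is its own inverse; the MACs are truncated HMAC-SHA256; the symbol in steps 6b and 6d is read as XOR; and every identity, seed and PIN is a constructed value.

```python
import hashlib, hmac, os
BLOCK = 16   # width of seeds, keys, VMID and HID in this model (constructed)

def E(key: bytes, data: bytes) -> bytes:
    # Stand-in for the patent's E_key(): XOR with a keyed pad, so E is its own inverse.
    pad = hmac.new(key, b"enc", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

def MAC(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Valmod:
    def __init__(self, vmid, hid, seed, key):
        self.vmid, self.hid, self.seed, self.key, self.ndx = vmid, hid, seed, key, 0

class Issuer:
    def __init__(self, seed, key, users):
        self.seed, self.key, self.ndx, self.old = seed, key, 0, (seed, key)
        self.users = users   # UID -> UVP (the patent stores E_HMK0(UVP); kept plain here)

def run_session(vm, iss, uid, upw):
    # Steps 1-4: VALMOD builds MSG1 = HID | VMID | VMPAR | UID with MAC1 under VM Key n.
    msg1 = vm.hid + vm.vmid + bytes([vm.ndx & 1]) + uid
    mac1 = MAC(vm.key, msg1)
    # Step 5: issuer takes VM Key n, or VM Key n-1 if VMPAR disagrees, and checks MAC1.
    seed, key = (iss.seed, iss.key) if msg1[2 * BLOCK] == (iss.ndx & 1) else iss.old
    if not hmac.compare_digest(mac1, MAC(key, msg1)):
        return "abort: MAC1"
    # Step 6: issuer checks UID, draws RNKey and derives items a) to e).
    if uid not in iss.users:
        return "abort: UID"
    uvp, rnkey = iss.users[uid], os.urandom(BLOCK)
    seed1 = E(rnkey, seed)                          # a) VM Seed n+1
    key1 = E(rnkey, xor(seed, vm.vmid))             # b) VM Key n+1
    uap = E(key, E(uvp, seed))                      # c) UAP
    uakey = E(key, E(uvp, xor(seed, vm.vmid)))      # d) UAKEY
    newkey = E(uakey, rnkey)                        # e) NEWKEY
    # Steps 7-8: MSG2 = VMID | UAP | NEWKEY with MAC2 under VM Key n; VALMOD validates it.
    msg2 = vm.vmid + uap + newkey
    if not hmac.compare_digest(MAC(key, msg2), MAC(vm.key, msg2)):
        return "abort: MAC2"
    # Steps 9-10: VALMOD combines UID with the entered UPW into UVP and checks UAP of reference.
    uvp_v = uid + upw
    if not hmac.compare_digest(uap, E(vm.key, E(uvp_v, vm.seed))):
        return "abort: UAP"
    # Step 11: UAKEY from the validated UVP deciphers NEWKEY to recover RNKey.
    rn_v = E(E(vm.key, E(uvp_v, xor(vm.seed, vm.vmid))), newkey)
    # Step 12: VALMOD replaces its seed and key and increments VMNDX.
    vm.seed, vm.key = E(rn_v, vm.seed), E(rn_v, xor(vm.seed, vm.vmid))
    vm.ndx += 1
    # Steps 13-14: MSG3 carries the MSG1 contents with MAC3 under VM Key n+1.
    if not hmac.compare_digest(MAC(vm.key, msg1), MAC(key1, msg1)):
        return "abort: MAC3 (VALMOD out of synchronisation)"
    # Step 15: issuer makes items a) and b) current and keeps n for the parity fallback.
    iss.old, iss.seed, iss.key, iss.ndx = (iss.seed, iss.key), seed1, key1, iss.ndx + 1
    return "ok"

def demo():
    # Constructed identities and secrets: a good session, a wrong PIN, then another good one.
    vmid, hid = b"VALMOD-0001".ljust(BLOCK, b"\0"), b"HOST-01".ljust(BLOCK, b"\0")
    seed0, key0, uid, upw = os.urandom(BLOCK), os.urandom(BLOCK), b"12345678", b"4711"
    vm, iss = Valmod(vmid, hid, seed0, key0), Issuer(seed0, key0, {uid: uid + upw})
    first = run_session(vm, iss, uid, upw)
    wrong_pin = run_session(vm, iss, uid, b"0000")   # aborts at step 10, state unchanged
    second = run_session(vm, iss, uid, upw)
    synced = vm.seed == iss.seed and vm.key == iss.key and vm.ndx == iss.ndx == 2
    return first, wrong_pin, second, synced, vm.key != key0
```

A wrong UPW is rejected by the VALMOD at step 10 before any key material changes, so the next correct session still finds both sides in synchronisation.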

Implications 

The recording of messages between VALMOD and issuer will not enable an outsider to emulate the VALMOD or pretend to be an issuer, as the critical parameters (VMSEED and VMKEY) are changed in each usage of the VALMOD. This provides for a highly secure system.

The receipt of MSG3 provides access to the user of all legitimate user data and facilities at the issuer host via the user's own terminal. A series of draft transactions are performed and checked by the terminal user. This communication is authenticated by generating MAC3 using VM Key n + 1.

Upon completion of all desired work, it is necessary to obtain the authority of the customer to transact the draft transactions. This is done by a 'completed' message being sent to the issuer. This results in another iteration of the VALMOD sequence including re-entry of the PIN (UPW).

Receipt of MSG3 authenticated now using VM Key n + 2 (newly agreed) is the issuer's authority to proceed. An acknowledgement to this effect authenticated in VMKEY3 would be returned to the user's terminal.

Issuing the UID and UPW 

The following table illustrates the above method by showing the items stored and generated at the VALMOD and host processors during the operation of a transaction session, and the composition of the messages MSG1, MSG2 and MSG3 relating to the validation.



Initially

  Stored at VALMOD        Stored at Host
  VMID                    VMID
  VM Seed n               VM Seed n
  VM Key n                VM Key n
  VMNDX                   VMNDX
  HID                     UID
  Entered: UID            UVP

MSG1 includes [HID, VMID, VMPAR (based upon VMNDX), UID, MAC1 (based upon VM Key n)]

Sent from VALMOD to Host.

Host generates: MAC1, RN Key, VM Seed n + 1, VM Key n + 1, UAP, UA Key, New Key

MSG2 includes [VMID, UAP (based upon VM Key n, VM Seed n (UVP)), New Key (based upon UA Key, RN Key (UVP)), MAC2 (based upon VM Key n)]

Sent from Host to VALMOD.

VALMOD generates from entered UPW: UVP, UAP, UA Key, RN Key, VM Seed n + 1, VM Key n + 1

MSG3 includes [HID, VMID, VMPAR, UID, MAC3 (based upon VM Key n + 1)]

Sent from VALMOD to Host.

Both VALMOD and Host now store VM Seed n + 1 and VM Key n + 1.

At no stage are the new seeds and keys VM Seed n + 1 and VM Key n + 1 available outside the VALMOD and Host computer.

Claims

1. A data communication system including a host data processor (10) connected through a communication network (12) to a plurality of message source units (14), each unit including a validity module (14), and in which the host data processor for each validity module issues and stores an initial current transaction session key (VM key n), and for each user of the system issues and stores an authentication parameter (UAP), derived from a first part or identity number (UID), which is stored on a user's input device, and a second part, or secret number (UPW), which is stored or remembered separately by the user;

and when a transaction is initiated at a message source unit (14) by a user the validity module includes means to construct and transmit to the host data processor a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based upon the current transaction session key (VM key n);

the host data processor includes first means to regenerate a message authentication code (MAC 1) when a first message (MSG 1) is received, and to compare the regenerated message authentication code with the received message authentication code;

second means to generate a random or pseudo random key (RN key);

third means to generate a new transaction session key (VM Key n + 1) based upon the random key, (MAC 1) the user's authentication parameter (UAP) and the current session key (VM key);

fourth means to construct and transmit to the validity module a second message (MSG 2) including the user authentication parameter (UAP) enciphered using the current transaction key (VM key n), and the random key enciphered using the user authentication parameter;

whereby the validity module includes means operable upon receipt of the user's second parameter (secret number) (UPW) to regenerate the user's authentication parameter (UAP) and

means which upon receipt of the second message (MSG 2) can compare the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for validity of the user's input and, using the validated authentication parameter, can decipher the random key and regenerate and store the new transaction session key (VM key n + 1) for use with the next messages transmitted to the host data processor.

2. A data communication system as claimed in claim 1 in which the message source units include portable validity modules.

3. A method of updating session encipher keys in a data communication system in which a host data processor (10) is connected through a communication network (12) to a plurality of message source units (14), each unit including a validity module (14), and in which the host data processor for each validity module issues and stores an initial current transaction session key (VM key n), and for each user of the system issues and stores an authentication parameter (UAP), derived from a first part or identity number (UID), which is stored on a user's input device, and a second part, or secret number (UPW), which is stored or remembered separately by the user;

a) including the steps of, when a transaction is initiated at a message source unit by a user, the validity module constructing and transmitting to the host data processor a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based upon the current transaction session key (VM key n);

b) at the host data processor regenerating a message authentication code (MAC 1) when a first message is received, and comparing the regenerated message authentication code (MAC 1) with the received message authentication code (MAC 1);

c) generating a random or pseudo random key (RN key);

d) generating a new transaction key (VM Key n + 1) based upon the random key, the user's authentication parameter (UAP) and the current session key (VM key n);

e) constructing and transmitting to the validity module a second message (MSG 2) including the user authentication parameter (UAP) enciphered using the current transaction key (VM key n), and the random key enciphered using the user authentication parameter;

f) at the validity module regenerating, upon receipt of the user's second parameter (UPW), the user's authentication parameter (UAP); and

g) upon receipt of the second message (MSG 2) comparing the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for validity of the user's input and using the validated authentication parameter to decipher the random key and regenerate and store the new transaction session key (VM Key n + 1) for use with the next messages transmitted to the host data processor.

4. A method of updating session encipher keys as claimed in claim 3 in which the message source units include portable validity modules.

Claims (German version)

1. Data transmission system comprising a central processor (10) which is connected via a communication network (12) to a plurality of message source units (14), each unit containing a validity module (14), and wherein the central processor issues and stores, for each validity module, an initial current transaction session key (VM key n) and issues and stores, for each user of the system, an authentication parameter (UAP) which is derived from a first part, or identity number (UID), which is stored on a user input device, and from a second part, or secret number (UPW), which is stored separately by the user or known by heart;

and when a transaction is initiated at a message source unit (14) by a user, the validity module contains means for generating and transmitting to the central processor a first message (MSG 1) which contains the user's identity number (UID) and a message authentication code (MAC 1) based on the current transaction session key (VM key n);

the central processor contains first means for regenerating a message authentication code (MAC 1) when a first message (MSG 1) is received, and for comparing the regenerated message authentication code with the received message authentication code,

second means for generating a random or pseudo-random key (RN key),

third means for generating a new transaction session key (VM key n + 1) which is based on the random key, the (MAC 1) code, the user authentication parameter (UAP) and the current session key (VM key),

fourth means for forming and transmitting to the validity module a second message (MSG 2) which contains the user authentication parameter (UAP) enciphered by means of the current transaction key (VM key n) and the random key enciphered by means of the user authentication parameter;

wherein the validity module contains means which act upon receipt of the second user parameter (secret number) (UPW) to regenerate the user's authentication parameter (UAP), and

means which, upon receipt of the second message (MSG 2), can compare the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for the validity of the user input and, by means of the confirmed authentication parameter, can decipher the random key and regenerate and store the new transaction session key (VM key n + 1) for use with the next messages transmitted to the central processor.

2. Data transmission system according to claim 1, in which the message source units contain portable validity modules.

3. Method for updating session encipherment keys in a data transmission system in which a central processor (10) is connected via a communication network (12) to a plurality of message source units, each unit containing a validity module (14), and wherein the central processor issues and stores, for each validity module, an initial current transaction session key (VM key n) and issues and stores, for each user of the system, an authentication parameter (UAP) which is derived from a first part, or identity number (UID), which is stored on a user input device, and from a second part, or secret number (UPW), which is stored separately by the user or known by heart;

a) comprising the steps of initiating a transaction at a message source unit by a user, wherein the validity module forms a first message (MSG 1) and transmits it to the central processor, which message contains the user identity number (UID) and a message authentication code (MAC 1) based on the current transaction session key (VM key n);

b) at the central processor, which regenerates a message authentication code (MAC 1) when a first message is received, and compares the regenerated message authentication code (MAC 1) with the received message authentication code (MAC 1),

c) generating a random or pseudo-random key (RN key),

d) generating a new transaction session key (VM key n + 1) which is based on the random key, the user authentication parameter (UAP) and the current session key (VM key n),

e) forming and transmitting a second message (MSG 2) to the validity module, which contains the user authentication parameter (UAP) enciphered by means of the current transaction key (VM key n) and the random key enciphered by means of the user authentication parameter;

f) at the validity module, regenerating, upon receipt of the second user parameter (UPW), the user authentication parameter (UAP), and

g) upon receipt of the second message (MSG 2), comparing the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) for the validity of the user input and, by means of the confirmed authentication parameter, deciphering the random key and regenerating and storing the new transaction session key (VM key n + 1) for use with the next messages transmitted to the central processor.

4. Method for updating session encipherment keys according to claim 3, in which the message source units contain portable validity modules.

Claims (French version)

1. Data communication system including a central data processor (10), connected via a communication network (12) to a plurality of units (14) constituting message sources, each of which contains a validity checking module (14), and in which the central data processor issues and stores, for each validity checking module, an initial current transfer session key (VM key n), and issues and stores, for each user of the system, an authentication parameter (UAP) derived from a first part, or identity number (UID), which is stored in the user's input device, and from a second part, or secret number (PW), which is stored or remembered separately by the user;

and, when a transfer is initiated by a user in a unit (14) forming a message source, the validity checking module comprises means for creating and transmitting to the central data processor a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based on the current transfer session key (VM key n);

the central data processor includes first means for regenerating a message authentication code (MAC 1) on receipt of a first message (MSG 1), and comparing the regenerated message authentication code with the received message authentication code,

second means for producing a random or pseudo-random key (RN key),

third means for producing a new transfer session key (VM key n + 1), based on the random key, the (MAC 1) code, the user's authentication parameter (UAP) and the current session key (VM key n),

fourth means for creating and transmitting to the validity checking module a second message (MSG 2) including the user's identification parameter (UAP) enciphered using the current transfer key (VM key n), and the random key enciphered using the user's authentication parameter;

the validity checking module including means able to act, on receipt of the second user parameter (secret number) (UPW), to regenerate the user's authentication parameter (UAP), and

means which, on receipt of the second message (MSG 2), can compare the received authentication parameter (UAP) with the regenerated authentication parameter (UAP) to check the validity of the user's input and, using the validated authentication parameter, can decipher the random key and regenerate and store the new transfer session key (VM key n + 1) for its use in the subsequent messages sent to the central data processor.

2. Data communication system according to claim 1, in which the units forming message sources include portable validity checking modules.

3. Method for updating session encipherment keys in a data communication system in which a central data processor (10) is connected via a communication network (12) to a plurality of units (14) constituting message sources, each of which contains a validity checking module (14), and in which the central data processor issues and stores, for each validity checking module, an initial current transfer session key (VM key n), and issues and stores, for each user of the system, an authentication parameter (UAP) derived from a first part, or identity number (UID), which is stored in the user's input device, and from a second part, or secret number (PW), which is stored or remembered separately by the user;

a) including the steps comprising, when a transfer is initiated by a user in a unit forming a message source and containing the validity checking module, the creation and transmission to the central data processor of a first message (MSG 1) including the user's identity number (UID) and a message authentication code (MAC 1) based on the current transfer session key (VM key n);

b) in the central data processor, regeneration of a message authentication code (MAC 1) on receipt of a first message, and comparison of the regenerated message authentication code (MAC 1) with the received message identification code (MAC 1),

c) production of a random or pseudo-random key (RN key),

d) production of a new transfer session key (VM key n + 1) based on the random key, the user's authentication parameter (UAP) and the current session key (VM key n),

e) creation and transmission to the validity checking module of a second message (MSG 2) including the user's authentication parameter (UAP), using the current transfer key (VM key n), and of the random key enciphered using the user's authentication parameter;

f) in the validity checking module, regeneration of the user's authentication parameter (UAP) on receipt of the user's second parameter (UPW); and

g) on receipt of the second message (MSG 2), comparison of the received authentication parameter (UAP) with the regenerated identification parameter (UAP) to check the validity of the user's input, and use of the validated authentication parameter to decipher the random key and regenerate the new transfer session key (VM key n + 1) for its use with the subsequent messages sent to the central data processor.

4. Method for updating session encipherment keys according to claim 3, according to which the units forming message sources include portable validity checking modules.